Reverse shell for NAT users with tmux+socat+ssh

tmux-connect.sh

#!/bin/sh
#
# Run this script on relay_server to connect shared session
#

read -p "Port number: " relay_port

socat file:`tty`,raw,echo=0 tcp-connect:localhost:${relay_port}

tmux-share.sh

#!/bin/sh
#
# Run this script on guest side to create shared session
# based on: https://tqdev.com/2017-helping-friends-on-the-linux-command-line
# alternative: https://github.com/gravitational/teleconsole
#
# BUG: only one detach per session allowed by SOCAT

read -p "User: " username
read -p "Server: " relay_server
read -p "Port: " relay_port
tmux_session=support-${username}

echo "Starting new session on ${username}@${relay_server}:${relay_port}"

tmux new-session -d -s ${tmux_session}

socat exec:"tmux attach -t ${tmux_session}",pty,raw,echo=0,stderr,setsid,sigint,sane \
      tcp-listen:${relay_port},bind=localhost,reuseaddr & \
      export SOCAT_PID=$!
ssh -R ${relay_port}:localhost:${relay_port} -N ${username}@${relay_server} & \
      export SSH_PID=$!
tmux attach -t ${tmux_session} 

echo "Session finished"

tmux kill-session -t ${tmux_session} 
kill ${SSH_PID} ${SOCAT_PID}